Disclosed herein are techniques to define custodianship of content in an electronic discovery management system and enforce the custodianship of the content in a content archive.
An electronic discovery management system (EMS) is generally used to manage all aspects of the electronic discovery (eDiscovery) process by providing a system to store and track information related to legal matters within an organization. For example, an EMS may, for many different legal matters, identify selection criteria for electronic documents subject to a hold in the legal matter, and identify custodians associated with the electronic documents (e.g. authors or recipients of an email). The EMS may then manage workflows surrounding the legal matters in order to preserve and collect evidence.
Custodianship may generally be defined as what content belongs to (or is associated with) which person. Attempts to define custodianship at the content archive result in complex and unusable solutions due to the fact that legal staff needs to interact with information technology (IT) staff in order to create a definition of custodianship inside a content archive before a collection plan can be executed. It may be impossible to predefine custodianship rules which fit all eDiscovery scenarios.
On the other extreme, attempts to fully delegate the management of per-custodian preservation requests to EMS applications or integration infrastructure external to the content archive leads to lack of custodian visibility inside review tools working on top of the content archive and lack in granularity in audit trail information (how many content items were put on hold for a particular custodian within a particular preservation plan). These tools may not know which data belongs to which custodian because this knowledge is owned by the EMS. Furthermore, this solution leads to unclear audit trails and unnecessary performance hits during hold or release stages in the content archive.